RE: [cobalt-users] POP before SMTP, Open relay still open
- Subject: RE: [cobalt-users] POP before SMTP, Open relay still open
- From: "J. Patrick Lanigan" <patl@xxxxxxxxxxx>
- Date: Thu Jul 5 13:13:51 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> Dean Hall Wrote:
>
> If I'm correct, this is really quite amusing. I believe you have
> inadvertently used the latest pop-before-smtp vulnerability to allow
> the relay you were trying to block.
I'm glad I amused you ;) Actually, the thing that amuses me is I subscribe
to the security list also and the one time I fall behind in reading, *bam*,
I miss something important. Thanks for pointing me in the right direction.
Now if I could just get it fixed :/
> Your first attempt to relay caused a reject=553 message to be placed in
> the log. The pop-before-smtp code looks for a particular formatted
> string in the log and if found, assumes it was from a successful pop
> login. It so happens the formatted string is contained within the 553
> message, so once the error is generated, subsequent attempts to email
> will be successfully authenticated.
>
> Either yesterday or even earlier today, a hack was posted to close the
> vulnerability. You should find it here:
> http://list.cobalt.com/pipermail/cobalt-security/2001-July/002689.html
I applied the hack as directed, although I am on a RaQ3, and it is still
allowing the relay :( Has anyone successfully patched a RaQ3 yet?
J. Patrick Lanigan - Web Developer
-------------------------------------
w: http://www.laniganonline.com/
w: http://www.urltek.com/ coming soon
-------------------------------------
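The failure mode Dean Hall describes above, as an added example that is not part of the original message or of the posted hack: a log watcher that searches for the login string anywhere in a line also accepts a reject=553 line containing that string, while one that anchors on the line's syslog prefix does not. The log lines, the `pop3d` and `sendmail` daemon tags and the exact login-string format are constructed assumptions; the thread does not show the real Cobalt log format.

```python
import re

# Constructed sample lines (assumed format, not taken from a real RaQ log).
SAMPLE_LOG = [
    # Genuine POP login written by the POP daemon.
    "Jul  5 12:58:01 raq3 pop3d[2211]: Login user=alice host=client.example [192.0.2.10]",
    # Relay rejection written by the mail daemon; its text contains the login string.
    "Jul  5 13:01:17 raq3 sendmail[2290]: f65H1Hx02290: "
    "arg1=<Login user=x host=y [198.51.100.7]>, reject=553 Relaying denied",
    # Ordinary rejection with no embedded login string.
    "Jul  5 13:02:40 raq3 sendmail[2301]: f65H2ex02301: "
    "arg1=<bob@example.net>, reject=553 Relaying denied",
]

LOGIN = r"Login user=\S+ host=\S* ?\[(\d{1,3}(?:\.\d{1,3}){3})\]"

# Weak: the login string is accepted wherever it appears in the line.
NAIVE = re.compile(LOGIN)

# Strict: timestamp, hostname and the POP daemon's own tag must precede the
# login string, and nothing may follow it, so text echoed by another program
# cannot pass as a login record.
STRICT = re.compile(r"^\w{3} [ \d]\d \d\d:\d\d:\d\d \S+ pop3d\[\d+\]: " + LOGIN + r"$")


def authorized_ips(lines, pattern, anchored):
    """Return the set of client IPs the watcher would allow to relay."""
    allowed = set()
    for line in lines:
        m = pattern.match(line) if anchored else pattern.search(line)
        if m:
            allowed.add(m.group(1))
    return allowed


def compare(lines=SAMPLE_LOG):
    """Run both matchers and report which IPs only the weak one admits."""
    weak = authorized_ips(lines, NAIVE, anchored=False)
    strict = authorized_ips(lines, STRICT, anchored=True)
    return weak, strict, weak - strict


if __name__ == "__main__":
    weak, strict, spurious = compare()
    print("naive matcher allows :", sorted(weak))
    print("strict matcher allows:", sorted(strict))
    print("allowed only by naive:", sorted(spurious))
```

Running the same comparison against a real maillog after applying a fix is a quick check that only POP daemon lines add addresses to the relay list.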